package com.thermofisher.dsc.amanda.security.config;

import com.thermofisher.dsc.amanda.security.filter.UrlLoginFilter;
import com.thermofisher.dsc.amanda.security.handler.CustomAccessDeniedHandler;
import com.thermofisher.dsc.amanda.security.handler.MyLoginSuccessHandler;
import com.thermofisher.dsc.amanda.security.handler.MyLogoutSuccessHandler;
import com.thermofisher.dsc.amanda.security.service.SecurityUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Created by wenjie.yang on 1/3/2019.
 */
@Component
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private SecurityUserDetailsService securityUserDetailsService;

  @Autowired
  private MyLogoutSuccessHandler myLogoutSuccessHandler;

  @Autowired
  private MyLoginSuccessHandler myLoginSuccessHandler;


  @Autowired
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(securityUserDetailsService)
        .passwordEncoder(new BCryptPasswordEncoder());
  }


  @Override
  protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable();
    httpSecurity
        //不拦截 前端静态文件
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        .antMatchers(HttpMethod.POST,
            "/bio-login").permitAll()
//        .antMatchers("/webapp/**","webapp/static/js/**","/webapp/index.html").permitAll()
//      暂时不考虑权限
        .antMatchers("/**").permitAll();
//        .antMatchers("/api/**").hasAnyAuthority("LOGIN_USER").and().exceptionHandling().accessDeniedPage("/access");
    httpSecurity.addFilterBefore(getUrlLoginTokenFilterBean(),
        UsernamePasswordAuthenticationFilter.class);
    httpSecurity.headers().cacheControl();
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
  }


  @Bean
  public OncePerRequestFilter getUrlLoginTokenFilterBean(){
    return new UrlLoginFilter();
  }

  @Bean
  public CustomAccessDeniedHandler getCustomAccessDeniedHandler(){
    return new CustomAccessDeniedHandler();
  }


  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    auth.eraseCredentials(false);
  }


}
